Stored cross-site-scripting (XSS) vulnerability in Cacti - CVE-2023-39366
ID: oval:org.secpod.oval:def:93929 | Date: (C)2023-10-20 (M)2023-12-11 |
Class: VULNERABILITY | Family: windows |
The host has Cacti 1.2.0 before 1.2.25 installed and is prone to a stored cross-site-scripting (XSS) vulnerability. A flaw is present in the application, which fails to properly handle a malicious device name in the `data_sources.php` script. Successful exploitation allows an authenticated attacker to poison data stored in Cacti's database; when administrative Cacti accounts later view that data, JavaScript code executes in the victim's browser at view time.
Platform: |
Microsoft Windows 7 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows 8.1 |
Microsoft Windows 10 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows 11 |
Microsoft Windows Server 2022 |